CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-10752

serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 72.2%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://blog.ripstech.com/2016/serendipity-from-file-upload-to-code-execution/
https://demo.ripstech.com/projects/serendipity_2.0.3
https://blog.ripstech.com/2016/serendipity-from-file-upload-to-code-execution/
https://demo.ripstech.com/projects/serendipity_2.0.3

Products affected by CVE-2016-10752

S9y » Serendipity » Version: 2.0.3

cpe:2.3:a:s9y:serendipity:2.0.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-10752

Products

Pricing

Contact Us